US firm pushed to brink by China hack attack

A family-owned firm came under relentless assault after accusing China of pirating its software to build the Green Dam cybercensor

By Michael Riley / Bloomberg

No one ever told Milburn that he was facing not amateurs, but professionals who had ransacked secure US government networks, until the results of Stewart’s analysis last August.

The tools Milburn found in his network were unique to the Comment group, according to Stewart.

They included software designed to let the hackers send out stolen files and steal security credentials.

Without a more in-depth investigation, Stewart said it was difficult, if not impossible, to determine the hackers’ goal as they rifled Milburn’s network. Some of what Milburn experienced, including repeated and regular crashing of his servers, could have been an unintended side-effect as the hackers infested the network with backdoors and other malware.

Or it might have been deliberate. From a hacker’s point of view, everything Milburn experienced is technically “pretty elementary,” says Nicholas Percoco, who heads SpiderLabs, a Chicago-based security division of Trustwave.

Percoco and his team are paid by corporations to hack into their networks to test security — what is known as penetration testing.

“If I can do it, the Chinese certainly can do it,” he says.

At one point, Milburn was able to identify a server that the hackers appeared to be using as a staging point to attack other targets. He was never able to shut down their activities, though.

In August last year, a California district judge rejected a move by some of the defendants to shift Solid Oak’s lawsuit to China, and ruled that it could go ahead in a US court. Negotiations for settlement moved forward in earnest.

Solid Oak reached agreement with defendants for an undisclosed sum in February, and the case was dismissed two months later. Milburn says he cannot discuss the terms, including exactly which defendants participated.

His attorney, Gregory Fayer, now at Fayer Gipson, says the Chinese government, which had by then declared that the Green Dam program would be strictly voluntary, was not among them.

In US District Court in California, the presiding judge declared China in default in the lawsuit for failing to respond.

Within two months of the settlement, Milburn says, the unusual activity in the company’s computer network had nearly stopped.

The wild ride of those three years did more than wreak havoc on Solid Oak’s computers. It threw into question Milburn’s retirement plans, he says.

During the worst moments, he wondered if he would have to start over, get rid of the CYBERsitter domain name and try again under a new digital identity, just to be free of his adversaries.

Milburn now feels he can move on, even if he did not prevail. Sales have not fully recovered, but he says he now has a chance to rebuild his customer base.

“It turns out they were just better than me,” says Milburn, whose doctor recently diagnosed him with a stress-related ailment.

“But it was the right thing to do,” he says. “You don’t do anybody a favor by not taking a stand on this kind of stuff.”

With the company’s finances now more stable, DiPasquale recently went out and bought a new computer.

“I just wanted to tie the last one to an anvil and toss it in the sea,” she says.